Verified Commit 231ec56d authored by Michal 'vorner' Vaner's avatar Michal 'vorner' Vaner

Run telnet on port 2323 in addition to 23

parent d0add18c
......@@ -7,6 +7,8 @@ BEGIN;
DROP VIEW IF EXISTS fake_bad_connections;
DROP VIEW IF EXISTS fake_bad_connections_telnet;
DROP VIEW IF EXISTS fake_bad_connections_telnet_alt;
DROP VIEW IF EXISTS fake_bad_connections_http;
DROP VIEW IF EXISTS fake_bad_connections_ssh_honey;
DROP VIEW IF EXISTS fake_blacklist;
DROP VIEW IF EXISTS fake_blacklist_remotes;
......@@ -409,7 +411,7 @@ CREATE TABLE fwup_addresses (
);
CREATE TYPE fake_log_type AS ENUM ('connect', 'disconnect', 'lost', 'extra', 'timeout', 'login');
CREATE TYPE fake_server AS ENUM ('telnet', 'ssh_honey', 'http');
CREATE TYPE fake_server AS ENUM ('telnet', 'ssh_honey', 'http', 'telnet_alt');
CREATE TABLE fake_server_names (
name TEXT NOT NULL,
code CHAR NOT NULL,
......@@ -418,7 +420,7 @@ CREATE TABLE fake_server_names (
UNIQUE(code),
UNIQUE(type)
);
INSERT INTO fake_server_names (name, code, type) VALUES ('telnet', 'T', 'telnet'), ('SSH honeypot', 'S', 'ssh_honey'), ('http', 'H', 'http');
INSERT INTO fake_server_names (name, code, type) VALUES ('telnet', 'T', 'telnet'), ('SSH honeypot', 'S', 'ssh_honey'), ('http', 'H', 'http'), ('telnet alternative', 't', 'telnet_alt');
CREATE TABLE fake_logs (
id BIGINT PRIMARY KEY,
client INT NOT NULL,
......@@ -475,6 +477,8 @@ CREATE TABLE ssh_commands (
INSERT INTO fake_blacklist_scores (server, event, score) VALUES
('telnet', 'connect', 4),
('telnet', 'login', 20),
('telnet_alt', 'connect', 4),
('telnet_alt', 'login', 20),
('http', 'connect', 10),
('http', 'login', 10);
CREATE TYPE blacklist_mode AS ENUM ('soft', 'hard');
......@@ -492,6 +496,9 @@ INSERT INTO fake_blacklist_limits (server, clients, score, mode) VALUES
('telnet', 4, 500, 'hard'),
('telnet', 3, 300, 'soft'),
('telnet', 2, 1000, 'soft'),
('telnet_alt', 4, 500, 'hard'),
('telnet_alt', 3, 300, 'soft'),
('telnet_alt', 2, 1000, 'soft'),
('http', 4, 500, 'hard'),
('http', 3, 300, 'soft'),
('http', 2, 1000, 'soft'),
......@@ -611,7 +618,61 @@ ORDER BY
fake_logs.remote,
local,
MIN(timestamp);
CREATE OR REPLACE VIEW fake_bad_connections AS (SELECT * FROM fake_bad_connections_telnet) UNION (SELECT * FROM fake_bad_connections_ssh_honey);
CREATE OR REPLACE VIEW fake_bad_connections_telnet_alt AS SELECT
fake_logs.server,
fake_logs.remote,
remote_port,
local,
2323 AS local_port,
MIN(timestamp) AS start_time_utc,
MAX(timestamp) AS end_time_utc,
SUM((event = 'login')::INTEGER) AS login_attempts,
MIN(clients) AS clients_total
FROM
fake_logs
JOIN fake_blacklist ON fake_logs.remote = fake_blacklist.remote
WHERE
fake_logs.server = 'telnet_alt'
AND fake_blacklist.server = 'telnet_alt'
AND fake_blacklist.mode = 'hard'
AND remote_port IS NOT NULL
GROUP BY
fake_logs.server,
fake_logs.remote,
remote_port,
local
ORDER BY
fake_logs.remote,
local,
MIN(timestamp);
CREATE OR REPLACE VIEW fake_bad_connections_http AS SELECT
fake_logs.server,
fake_logs.remote,
remote_port,
local,
80 AS local_port,
MIN(timestamp) AS start_time_utc,
MAX(timestamp) AS end_time_utc,
SUM((event = 'login')::INTEGER) AS login_attempts,
MIN(clients) AS clients_total
FROM
fake_logs
JOIN fake_blacklist ON fake_logs.remote = fake_blacklist.remote
WHERE
fake_logs.server = 'http'
AND fake_blacklist.server = 'http'
AND fake_blacklist.mode = 'hard'
AND remote_port IS NOT NULL
GROUP BY
fake_logs.server,
fake_logs.remote,
remote_port,
local
ORDER BY
fake_logs.remote,
local,
MIN(timestamp);
CREATE OR REPLACE VIEW fake_bad_connections AS (SELECT * FROM fake_bad_connections_telnet) UNION (SELECT * FROM fake_bad_connections_telnet_alt) UNION (SELECT * FROM fake_bad_connections_http) UNION (SELECT * FROM fake_bad_connections_ssh_honey);
CREATE TABLE spoof (
id BIGINT PRIMARY KEY,
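Review bot: `2323 AS local_port` in `fake_bad_connections_telnet_alt` (and `80 AS local_port` in the new `fake_bad_connections_http`) is a constant, while the plugin documentation in this same commit describes `telnet_alt_port` and `http_port` as configurable, so a client listening on a non-default port would be reported with the wrong local port. If that is intended, a comment above each constant such as `-- local_port is the plugin default, not the port actually configured on the client` would make the limitation explicit for whoever consumes these reports. The final hunk also adds the http view to `fake_bad_connections`, which the commit title does not mention. The two views visible here each filter on a single `server` value and group on the remaining columns, so `UNION ALL` would presumably give the same rows without the dedup pass.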
......
......@@ -135,6 +135,9 @@ plugin. There are, however, additional options:
`telnet_port`::
The port on which the plugin listens on the telnet protocol. If it
is set to 0, listening to telnet protocol is disabled.
`telnet_alt_port`::
Another port on which the plugin listens on the telnet protocol. If it
is set to 0, listening to telnet protocol is disabled.
`http_port`::
The port on which the plugin listens on the http protocol. If it is
set to 0, it gets disabled.
......
......@@ -11,6 +11,7 @@ REDIR_OFFSET="$(uci -q get ucollect.@fakes[0].redir_offset || echo 1369)"
PORTS=`(
echo '23tcp'
echo '80tcp'
echo '2323tcp'
uci -q -d '
' get ucollect.@fakes[0].disable
uci -q -d '
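Review bot: `echo '2323tcp'` joins the always-on port list, so a user who opted out of the telnet fake by putting `23tcp` in `ucollect.@fakes[0].disable` would, as far as this hunk shows, still get the new 2323 redirect after upgrading. I would either document that `2323tcp` has to be disabled separately or treat a disabled `23tcp` as covering the alternative port too. The `PORTS` command substitution continues past the end of the hunk, so how the disable list is applied to these entries is inferred rather than visible.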
......
......@@ -40,6 +40,17 @@ const struct server_desc server_descs_intern[] = {
.max_conn = 20,
.conn_timeout = 30 * SECOND
},
{ // An alternative telnet port
.name = "telnet_alt",
.code = 't',
.sock_type = SOCK_STREAM,
.default_port = 2323,
.conn_alloc_cb = telnet_conn_alloc,
.conn_set_fd_cb = telnet_conn_set_fd,
.server_ready_cb = telnet_data,
.max_conn = 20,
.conn_timeout = 30 * SECOND
},
{
.name = "http",
.code = 'H',
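Review bot: The new entry's `.code = 't'` has to match the `('telnet alternative', 't', 'telnet_alt')` row added to `fake_server_names`, and it differs from the telnet code `'T'` in that table only by case; the comment `// An alternative telnet port` says neither. I would extend it to something like `// Alternative telnet port; code 't' must match fake_server_names on the server (case-sensitive, 'T' is plain telnet)`. The entry also gets its own `.max_conn = 20`, so if the plain telnet entry uses the same limit the telnet handlers can hold twice as many connections as before, which is worth a note for small routers. The `server_descs_intern` array begins and ends outside the hunk.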
......